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INTRODUCTION 

Supervisory control and data acquisition (SCADA) is an 
industrial computer system monitoring and controlling a pro- 
cess. SCADA system consists of human machine interface 
(HMI), remote terminal units (RTU), programmable logic 
controllers (PLCs), communications and network infrastruc- 
ture, computers, embedded and other controllers, and appro- 
priate software support at various levels. 

The term SCADA usually refers to centralized systems 
that monitor and control entire sites, or complex processes 
spread out over large areas (from a single industrial plant to 
many plants in many countries). Most control actions are per- 
formed automatically by RTUs or PLCs. 

This chapter has two parts: the first part is an overview 
of SCADA systems providing information on hardware, soft- 
ware, and programming requirements. In the second part, an 
example is given, with a particular application on airport con- 
trol system and alarm management, to highlight basic prin- 
ciples and development of an applied SCADA-HMI system. 

PART 1— SCADA HMI ESSENTIALS 

Process control and automation technology has changed 
significantly in the last decade. We had many different ter- 
minologies for control systems describing different types of 
controls. In the author’s opinion, the IEC’s description as 
basic process control system (BPCS) appears to be the best 


description. Traditionally, there were two main concepts of 
control strategy, one where logic solver is centralized and I/O 
is distributed, known as distributed control systems (DCS), 
and the second where logic solver is localized. In this chap- 
ter, we are going to stay focused on the logic solver concepts. 

Traditionally, where logic solver was localized, process 
data had to be transmitted through the network to the point 
of administrative interest and hence the name SCADA came 
about. 

At the present, the logic solver technology and the net- 
work technology have grown such that the logic solver is still 
localized, and takes a new meaning as programmable automa- 
tion controller or programmable application controller (PAC). 
Note that the name change from logic controller to automation 
or application controller is now armed with all types of com- 
munication capability to meet the needs of a control network. 
It has higher memory capability for much wider application 
software. I/O or logic solver is simply an IP address irrespec- 
tive of the way it connects to the network and the method of 
connection to the network. The connection can be by radio or 
Ethernet, transparent to HMI since it uses the point address. 

With that in mind, we are going to identify various com- 
ponents of SCADA in a logical sequence and then elaborate 
on these components as we progress through this chapter. 
The main components of SCADA are 

1. Field I/O — This can be rack mount with CPU or net- 
worked with CPU or RTU style wall mount. 

2. Logic solver — This can be rack-mounted CPU or RTU 
style wall-mounted CPU. 

3. Network and network components — Most widely 
used media for control network is Ethernet. We will 
not go into details of the network but further informa- 
tion can be obtained in Parts 5 and 6 of this book. 

4. CPU, I/O, and network configuration and applica- 
tion development software typically provided by the 
selected hardware platform, for example, ControlLogix 
5000 of Rockwell Automation for Allen-Bradley PLC 
or Proficy Me for GE-IP line of PLC & PAC. 

5. HMI hardware — This can be industrial ruggedized 
PC or HMI hardware from various vendors, such as 
Panel View from A-B or Versaview from GE-IP. 
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6. HMI software — Software such as Wonderware, 
InTouch, or iFix for developing graphical user inter- 
face (GUI), historian, and alarm management. 

7. Engineering/maintenance workstation — PC with all 
development software loaded along with necessary 
licenses. 

Before we go into details of the structure of SCADA, it is 

important to highlight the necessary requirements for con- 
figuring and using it. The natural progression of deliverables 

for engineering can be listed as follows: 

1. P&IDs (piping and instrumentation diagrams) — This 
is the starting point for I/O count. 

2. Instrument data sheets — This will help confirm signal 
requirements of I/O. 

3. I/O list — This is the list of every input and output 
points of SCADA system. List is prepared based on 
control panels and geographic setting, prepared in 
MSAccess or MSExcel. 

4. Electrical plot plans — Physical location and area 
classification of control panels. 

5. Control block diagrams — Line diagram connectiv- 
ity of various components involved in control scheme. 
This can be further enhanced to create interconnect 
diagrams. 

6. Control network diagrams — This is a detailed net- 
work diagram. 

7. Inter connect diagrams — Cable routing and drawings. 

8. Control panel layouts — It includes bill of material 
and planned location of each panel component. 

9. PLC schematics — Wiring to/from PLC, PAC, and 
I/O. Some time PLC schematics can be enhanced to 
include more details of field instruments so that instru- 
ment loop drawings are not required. In cases where 
the loop is complex and has connections in various 
panels, loop drawings have to be prepared. 

10. Panel wiring diagrams — Wires by number and termi- 
nations by number. 

11. Panel bid packages — Comprising of panel layout, 
schematics, and wiring drawings along with standards 
required on the project and the commercial details. 

12. Control panel vendor selection based on qualifica- 
tions and commercial details. 

13. Control narratives — Description for applications and 
logic development prepared from process engineering 
and other inputs. 

14. Cause and effect diagram — This is done to understand 
operations safety requirements. It can be incorporated 
with Hazard in Operations (HAZOP) study. 

15. Logic diagrams — Additional details for logic devel- 
opment. As a rule of thumb, every output requires 
an expression. Overrides and emergency shutdown 
(ESD) have to be put in considerations. Typically, this 
is developed in controller application development 


software package and then published in suitable office 
software such as Word or Visio. 

16. HMI screen concept and acceptance — This is done to 
understand customer needs. 

17. Construction bid specification packages — This com- 
prises all the drawings and documents necessary for 
qualified construction contractor to bid for a project. 

18. Instrument loop drawings — In cases where the loops 
are complex and involve multiple outputs, and a loop 
diagram is prepared showing electrical connectivity of 
every component of the control loop. 

19. Construction specifications — This comprises all the 
drawings and schedule along with standards required 
for construction. 

20. FAT procedure and forms — Complete factory accep- 
tance test (FAT) details along with documents and 
forms. 

21. Commissioning plan and forms — Plan and sched- 
ule of commissioning to mitigate risks of start-up. 
Includes forms for point-to-point checkout. 

22. Operations manuals — Step-by-step guide for 

operators. 

23. Maintenance manuals — Maintenance and trouble- 
shooting resources. 

24. Customer acceptance test forms — To go through com- 
plete functionality with customer. Operations manual 
can be used as a guideline for this. 

SCADA COMPONENTS 

We will now delve into details of components of SCADA. 

Field I/O 

Field I/O is hardware installed in the field for all inputs and out- 
puts of SCADA. I/O list and control block diagram drawings 
are needed in evaluation and selection of field I/O details. Field 
I/O can be rack mounted, single-mount RTU style, or individ- 
ual mount. The following are the basic types of Field I/Os. 

Digital input : Typical points are equipment status, status 
of remote switches, thresholds of concerned process 
parameter, such as Lo Lo, Lo, Hi, and Hi Hi. For 
example, a pressure switch can have status of PSLL, 
PSL, PSH, and PSHH. 

Further classification can be made based on voltage require- 
ments of equipment, sourcing, sinking, and high density. 
High speed pulse: This is a specialized digital input that 
can handle high-speed pulse typically used in the flow 
totalization. 

Digital output: Typical points are equipment commands to 
turn it ON/Off, or Open/Close. Further classification 
can be made based on voltage requirements of 
equipment, current requirement, and high density. 
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Relay output. Digital output card that provides voltage 
flexibility. Every output point is a relay contact and 
can have a range of voltages. 

Analog input: Typical points are process variable, such as 
temperature, pressure, flow. It is available in the fol- 
lowing broad categories: 

4-20 mA input: Most popularly used for field transmitter 
input. In some cases, it can be modified for 0-20 mA, 
which is rarely used. 

2-10 V input: Process signal based on the voltage. 
Thermocouples: Input signal conditioner cards developed 
just for thermocouples. They are available for various 
types of thermocouples. 

RTDs: Input signal conditioner cards developed just for 
RTDs. They are available for various types of RTDs. 
Analog output: Typically used in current or voltage versions. 
Most applications are modulation of valves or variable 
frequency drives (VFDs) as final control elements. 

Serial inputs: Available for various serial protocols such 
as RS232, EIA485, Modbus+, and Modbus. They are 
typically used for advanced field instruments, such as 
the flow transmitter and analyzer. 

Various special applications Field I/Os are also available 
depending on the selected manufacturer product range. 

Logic Solvers 

Logic solver is the CPU of the hardware platform. It can be 
integral with RTU style individual-mounted field I/Os or sep- 
arate card in RACK mounted I/Os. SCADA system can have 
multiple localized CPUs networked together. As the name 
suggests, logic for corresponding I/O points are solved here. 

Special considerations may have to be given for the mem- 
ory requirements, the network connectivity, and the speed of 
the control implemented. 

Networks and Network Components 

SCADA network depends on geographical spread of the field 
I/O. Typical control network is implemented on the Ethernet 
using hardware and manufacturer’s protocols. One such exam- 
ple is the user datagram protocol (UDP). However, more and 
more manufacturers are offering TCP/IP. Appropriate network 
connectivity should be included on field I/O. Some field I/Os 
can be implemented using radio or other wireless systems. 
Broad categories of network components are as follows: 

Network media: This is typically combination of copper 
wires and fiber optics. Due consideration should be given for 
redundancy. Appropriate accessories have to be selected for 
the network installations. 

Network switches: Due considerations for selection are 
redundancy, network media, and a number of channels at 
each location and noncontrol devices such as the cameras. 


Field I/Os: Appropriate network connectivity has to be pro- 
vided to field I/O. Distance limitations if any should be noted 
and resolved. 

Logic solver: Appropriate network connectivity has to be 
provided to the CPUs. 


SCADA CONFIGURATION AND THE SOFTWARE 

Typically provided by the hardware manufacturer, but it is 
the software where everything comes together. Refer to the 
selected manufacturer's Programming Manual for details of 
instructions. The basic steps are described below. This soft- 
ware has two main parts: the hardware and network configu- 
rations and the application or logic development. The natural 
progression of activity is described below. 

Hardware Configuration 

New projects are created in the hardware manufacturer’s 
software such as A-B Logix5000, RSLogix Guard, or GE-IP 
Proficy ME. Appropriate hardware rack is added such as 
GE-IP Rx3i or 7i or A-B SLC 5, MicroLogix. You can name 
the rack by simple numerical scheme or by area designation. 
Once rack is added, CPU and power supply are added. Field 
I/O module required based on I/O list are added. Network 
modules needed based on SCADA scheme are added. 
Redundancy if planned is added. 

Point Loading 

Every point of I/O list is brought into the configuration soft- 
ware as signal list or point list. Import utility is available and 
basic properties of the point are defined, such as binary or 
integer. For integers, process variable range is added. 

1/0 Allocation 

Every hardwired I/O point from I/O list is then connected to 
a respective point in respective a slot and rack or individually 
mounted field I/O. If points from controller are used in other 
controller logic then they are connected using peer-to-peer 
(P2P) configuration or Modbus configuration as the case may 
be. In this step, the source of all data points is defined for the 
CPU use. 

Logic Development 

As application is identified from P&IDs and control nar- 
ratives are completed with the help of process engineers 
and related disciplines, logic development is started. Every 
output from I/O list needs a logic development. Several 
memory tags are also created in the process of creation of 
the logic. Most logic development packages offer multiple 
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options to develop application such as ladder diagrams, 
function block diagrams, structured texts, and C or C++. 
Refer to manufacturer’s user manual for details on each 
method. Additional points that are used for development of 
logic are added at this stage. These points are referred to as 
soft points. Below is brief description various methods of 
logic development: 

• Ladder diagrams — Similar to electrical power sche- 
matic diagrams, ladder diagrams are used for typically 
small to medium size applications. 

• Function block diagrams — This is very widely used 
in the process industries and in DCSs. 1EC61131 stan- 
dard function blocks are provided by manufacturer. It 
is very similar to the block diagram for logic where 
every block is an active object. Tags are connected 
at inputs and outputs for the desired results. User- 
defined function block can be prepared for repetitive 
application. GE-IP proficy process solution package 
and Rockwell Automation’s PlantPAX is noteworthy. 

It provides ability to migrate prepared function block 
into HMI environment of the package with drag and 
drop ease. 

• Structured texts — Logical statements with few mne- 
monics and syntax. 

• C, C+H — Typically used for complex logic operations. 

Compilation and Codes 

Once logic development is complete, it is compiled using 
compiler utility and code is generated. Typically, when all 
the hardware is not present, some warning may come up dur- 
ing code generation. All the warnings have to be addressed 
and eliminated prior to FAT. 

Connecting to CPU and Downloading the Codes 

This requires the MAC address of the unit and compatible 
IP address for the engineering workstation. Using manufac- 
turer's guidelines connect to the CPU and download the gen- 
erated codes. GUI for the CPU certain basic properties can 
be updated, such as the time and date. Make sure that CPU 
accepts RUN mode successfully. Also, configure such that 
CPU comes to RUN mode at power ON. 

Logic Simulations and Pretests 

Simulation utility is available for pretest of the logic devel- 
oped. By forcing value of the input logic can be triggered 
and tested. Logic can also be tested by triggering inputs 
using hardwired jumpers so that corrections can be made if 
required. 

At the end of pretest, complete tag database is exported 
to be used in HMI Software. This database will have all the 
hardwired tags and memory tags used by Logic. 


HMI HARDWARE 

This is the hardware where the operators interface with 
process on routine basis. It can be specialty hardware such 
as Panel View or Versaview with Runtime version of View 
Software loaded or it can be industrial ruggedized PC with 
touch screen. Typically, only the runtime version of the soft- 
ware is loaded on this station such that modifications can- 
not be made. Considerations for selections are panel mount, 
desk mount, touch active, indoor use, outdoor use, electri- 
cal area classification, operating systems, and software 
compatibilities. 

HMI SOFTWARE 

HMI development defines interactivity of operators with 
the process. There are two distinct version of this software: 
one is referred to as RUN TIME, which is loaded on the 
HMI station and does not have any development ability, and 
the other is referred to as development version. Cost of the 
software is typically associated by number of tags or num- 
ber of screens in the system. There are considerations such 
as connectivity with hardware and other component that 
may require additional middleware, such as the open link 
exchange for process control (OPC) or Modbus. Other cost 
considerations are alarm management, trending, and histo- 
rian and associated reports. Following are activities in natu- 
ral progression: 

• HMI concept development — Some mutually agreed 
requirement with end user based on their exist- 
ing standard or experience. It needs to define color 
scheme, navigation scheme, and individual equipment 
and device animation guidelines. 

• Preliminary system configuration — This activity 
defines various nodes and configuration. 

• Middleware tag definitions and configuration — If 
middleware is used such as OPC or Modbus for live 
data. Proper configuration has to be completed in this 
software. 

• Tag database loading — This activity depends on com- 
pletion of logic development because in the course of 
logic development several memory tags are defined 
that may require animation. 

• Creation of building blocks of the process such as 
control valves, pumps, blowers, tanks. 

• Creation of home screen and process screens by using 
process blocks and attaching tag names. 

• Creation of control panels or pop-ups that are detailed 
screens for operation of equipment. 

• Creation of set-up parameter screens. 

• Creation of alarm management screen. 

• Creation of historical trends. 

• Creation of reports. 

• Basic navigation tests. 
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• Connecting with controllers. 

• Testing set of screens with respective controller using 
forced tag values or jumpers. 

• Pre-FAT test prior to shipping all controller hardware 
and HMI. 

HMI CONCEPT DEVELOPMENT 

Some basic mutually agreed requirements have to be defined 

with end users for color and navigation schemes. 

Color Schemes 

Following are the basic examples of color schemes for pro- 
cess animation: 

• Green — Normal for process operation 

• Gray — Device or equipment not in operation 

• Red — Abnormal or alarming for process operation 

• Yellow — Advisory 

• Red/red blinking — Alarming unacknowledged 

• Red steady — Alarm acknowledged 

• Yellow/red blinking — Transitioning to alarming state 
such as MOV (motor-operated valve) transitioning to 
alarming state open or close 

• Yellow/green blinking — Transitioning to normal state 
such as MOV transitioning to normal state open or close 

• Cyan or teal — Bad data due to loss of communications 

• Alarm text in steady green — Unacknowledged alarm 
that returned to normal 

• Alarm text in steady blue — Acknowledged alarm that 
returned to normal 

Navigation Schemes 

Following are basic examples of navigation scheme: 

• Start-up screen or home screen as the overall process 
layout. 

• Clicking on subpart of the process leads to the process 
layout for that area. 

• Clicking on equipment or device opens pop-up or con- 
trol panel screen to control the device. 

• Twenty percent of display area is dedicated to active 
alarm window, typically top 20%. In cases where 
there are multiple monitors, 20%-25% of desktop is 
dedicated to active alarm window. 

• Overall process set-up parameters are entered through 
separate set-up screen. 

• Equipment set-up parameters are entered through 
pop-ups or control panels. 

Preliminary Configurations 

F1MI software package requires preliminary configuration 

such as definition of modes and controllers in the system, 


and necessary set-ups and IP addresses for each node for a 
successful communication. In the case of an HMI package 
purchased with the same manufacturer hardware, tag brows- 
ing is sometime simplified by the communication utilities, 
such as RSLinx by A-B and Proficy ME by GE-IP. 

Middleware Tag Definitions and Configurations 

If middleware such as OPC server or Modbus server is in 
the SCADA scheme, then middleware has to be installed on 
the engineering workstation and configuration has to be com- 
pleted based on the manufacturer’s guidelines. If required, 
tag database has to be created, matching tags and address 
in the controllers. Project file is then saved. Runtime ver- 
sion of the middleware has to be installed on HMI hardware 
and configuration files have to be transferred on it. Tag data- 
base communication test should be performed between the 
middleware and the HMI independent of controllers and 
between the middleware and the controller itself to assure 
total connectivity. 

Tag Database Loading 

At the completion of logic development, complete tag data- 
base is exported including all memory tags. This file can be 
used to import into the HMI environment as a starting point 
for tag database. HMI tag properties will be unique and may 
differ from properties of the logic package. All those proper- 
ties have to be appropriately modified to complete the tag 
database. Also, each controller tag will have a unique prefix, 
or will have a unique node in the HMI tag database for suc- 
cessful live communications. 

Creation of Building Blocks 

This is the most important step for overall quality of the 
screens. In this step, all unique building blocks of process 
are identified and acceptable animation and control is defined 
for proper operations methodology. These building blocks 
become part of the project template. 

Creation of Home Screen and Process Screens 

This is the top view of the process to give overall process 
health information to operations. It can be a block diagram/ 
process flow diagram depicting various component of the 
process or a key map of the facility with interactivity into 
unique blocks or areas for ease of operations. 

Creation of Control Panels or Pop-Ups 

In the process flow diagram or area of the process that is 
depicted on screen, there will be final control elements, such 
as the isolation valves, control valve, pumps, and VFDs, 
which impact process outcome and can be controlled in 
operator mode by operator intervention from HMI or in 
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automatic mode following system logic. Control panels will 
have following components as a minimum requirement: 

• Button to make unit in Auto Mode 

• Button to make unit in Operator mode 

• Button to turn unit ON/OFF 

• If final control element is an analog device, then it will 
have a slider for analog output and display of set-point 

Creation of Set-Up Screens 

Set-up screens are places for operators to enter control vari- 
ables, such as the timer unit, constants for control functions, 
P1D constants, and operator set-points. This can be a separate 
screen or included on pop-up/control panel. 

Creation of Alarm Management 

It is very easy to define any point as alarm in SCADA HMI 
just with a click of a button but a proper alarm management 
should clearly be defined when the project is undertaken. 
Valuable resources and guidelines for alarm management can 
be found in standards, such as ANSI/ISA 18.2, API RP1167, 
and PHMSA Alarm Management guidelines. 

Creation of Historical Trends 

With the help of proper control narratives of the project, 
points, which will need to be recorded for history and report- 
ing, should be identified from the tagname database. 

Creation of Reports 

Any regulatory reports or operation reports have to be 
defined and created using various reporting methods of data- 
base management. 

Basic Navigation Test 

Once screen development is completed, a basic navigation 
test should be performed in runtime to eliminate obvious 
errors of broken link and ease of navigation. 

Connecting with Controllers 

Basic test of connecting with the controller should be per- 
formed to verify dynamic data exchange taking place 
between the HMI and the controllers. It validates the con- 
nectivity with the controllers. 

Testing Set of Screens 

Testing set of screens with respective controller using forced 
tag values or jumpers. A unit or a set of unit (system) can be 
tested to validate the HMI development utilizing combina- 
tion of forced tag values or jumpers. 


Pre-FAT Test of Hardware and HMI 

Pre-FAT tests are conducted prior to shipping all controller 
hardware and HMI. All controllers can be set up in an office 
environment with the actual configuration software loaded. 
It facilitates testing of HMI and logic and also helps validate 
communications between controllers. It also ensures oper- 
ability of controllers prior to installation in control panels. 


ENGINEERING WORK STATIONS 

Engineering workstation is a PC used to develop SCADA appli- 
cations. It has following software as a minimum requirement: 

• HMI Development software along with proper licensing 

• HMI, controller, and middleware connectivity, such as 
the OPC or DDE Driver or RSLinx 

• Controller configuration and logic development soft- 
ware, such as the ProficyME or Control Logix 

• Any database required by historical trends, such as the 
ODBC or SQL 

• Any reporting software, such as the MSExcel or 
Crystal Reports 

For all successful SCADA projects, progressive development 
of deliverables are prepared at each milestone of the project 
and then knowledge-bases are used in corporate archives for 
the future projects. 


PART 2— A PRACTICAL EXAMPLE OF SCADA-HMI 
System Definition 

A real emergency fuel shutoff (EFSO) system has been set up 
at an international airport. In this part, we will demonstrate 
some examples of operational SCADA and the development 
of the control strategy in a logical and sequential manner. 

This particular airport is undergoing a major engineer- 
ing upgrades and proper control and use of EFSO is an 
essential part of the project. The upgraded EFSO system will 
consist of 

• Master station (MS) 

• Local control and termination panels 

• Alarm stations 

• MOVs 

The alarm stations are installed along the exterior of each 
concourse near each gate or fueling position and are wired 
to the local control panels. Actuating any alarm station will 
signal the fuel supply pumps at the fuel terminal (FT) to shut 
down in the event of an emergency. Any alarm signal will 
shut down the fuel supply pumps and stop aircraft refuel- 
ing operations throughout the airport. The MS then closes 
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specific MOVs to isolate the fueling area where the EFSO 
has occurred. 

The EFSO system controls are linked together using the 
Ethernet networking protocol over the airport’s wide Ethernet 
network. The local control panels are networked with the MS 
at the FT using a P2P networking scheme. 

PLCs in local control panels are connected through CAT6 
cables to patch panels in the nearest intermediate distribu- 
tion frame (IDF) room. From these patch panels, the EFSO 
system connects into the Ethernet network through Cisco 
switches in the IDF Room. This PLC networking capabil- 
ity is integral with the EFSO panel controllers through Allen 
Bradley 1600 Guard PECs. 

The EFSO System is controlled from a master HMI panel 
at the FT. This HMI is a touch screen LCD monitor that is 
mounted in an existing control room. The HMI uses a series 
of graphic “mimic” screens to provide the alarm indication 
and the system control. 

The terminal EFSO panels continuously monitor the 
EFSO push/pull Stations in each zone. Inside view of a con- 
trol panel and the locations of PLCs are shown in Figure 5.1. 
The Master PLC monitors the EFSO ESD status informa- 
tion, status of communications network, and EFSO control 
panel. A single-mode fiber-optic cable provides the commu- 
nication links between the terminals and the main distribu- 
tion frame (MDF) room where the overall system is linked 
into the airport network. The cable is routed parallel to the 
20” aboveground fuel supply pipelines in an existing conduit, 
then underground in a terminal 2 expansion (T2X) commu- 
nications duct bank that terminates at the T2X MDF room. 

The operating element of the EFSO system control panels 
is the PLC. This device allows the control logic to be adjusted 



FIG. 5.1 

EFSO control panel and the PLCs. 


using a PLC software program, and monitors the flow of data 
between the EFSO push/pull stations and front panel devices. 
It also facilitates the flow of digital data to the pump station 
and master control panel over the airport Ethernet fiber-optic 
network. 

Master HMI Display Panel Operation 

Master display is a large project involving many hardware 
and software aspects as well as the programming of SCADA. 
However, due to unavailability of space in this book, the 
information given here will be confined to the descriptions 
of the operations of touch screen units. The graphic display 
screens that control the EFSO system and the refueling oper- 
ations will also be discussed briefly. 

EFSO Screen Conventions HMI uses a 17 in., color, touch- 
screen display using Allen Bradley graphics software. This 
software provides a “mimic” panel representation of the 
EFSO system and the airport terminals. The primary screen 
is the “overview” screen, shown in Figure 5.2, representing 
the distribution of the EFSO system at each airport terminal 
and concourse. 

Following is a color scheme used on GUI of EFSO 
system. 

• Green is normal operation 

• Red is emergency or alarm situation 

• Yellow is advisory 

Figure 5.2 shows the overview of the entire EFSO system. It 
shows the all the terminals, all zones, Tl, T2X, and remote 
overnight terminal (RON). This is the home screen and under 
normal conditions will have all the animations in green. This 
display uses the following features on each subsequent screen 
for control: 

a. All zones along with their concourses and terminals 
are depicted on the picture. EFSO panels are depicted 
by a box. 

b. All zones and terminal are touch-active. When 
touched, it leads to the panel specific screen. As an 
example, when Zones 5-11 are touched, the RON 
panel screen appears since these zones are controlled 
by RON. 

c. When a concourse or the terminal has an EFSO emer- 
gency that entire block will blink red. In case of a con- 
course or terminal bypass, the respective block will be 
highlighted in yellow. 

d. When panel is fed by uninterruptable power source 
(UPS), the panel box for that concourse will blink yel- 
low with the text “ON UPS.” 

e. When a panel looses communication with the master 
controller, the panel box for that concourse will blink 
red with the text “P2P.” 
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FIG. 5.2 

Primary screen of the EFSO system at each terminal and concourse. 


f. The top alarm box displays only the active alarms and 
can display up to four lines of alarms. When more 
alarms are active, use the UP and DOWN arrows on 
the alarm box to scroll. Once the alarm clears, it is no 
longer displayed in this box. All other screens are dis- 
played such that this box is always visible. The excep- 
tion is the alarm log screen, which displays all alarms 
logs. The alarm occurrence time, the alarm acknowl- 
edged time and the alarm message are each displayed 
on this box. 

Action Button Operation All of the HMI display screens 
include “action buttons” to provide various utility functions 
that are required during the course of operations or testing. 
The following sections discuss their operation. 

a. PRINT — This button will PRINT a real-time snapshot 
of the screen to the printer. 


b. ALARM LOG — This button opens the ALARM 
LOG screen when touched. 

c. HISTORY LOG— This button opens HISTORY LOG 
screen when touched. 

d. Operator log-in — This button allows an operator to 
log-in using Windows log-in. 

e. Log-out — This button is visible only when someone is 
logged in and allows user to log out. 

f. Administrator log-in — This button allows an adminis- 
trator to log in using Windows log-in. 

g. QU IT — t his button is accessible to operator or admin- 
istrator logged in and it closes the HMI program and 
returns to WindowsXP. 

h. BYPASS — This button allows the system to bypass 
the pump shutdown sequence should an EFSO alarm 
be detected. This button is for use primarily to facili- 
tate testing operations. It requires an operator or 
administrator to log in. 
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i. GO TO OVERVIEW — This button closes any spe- 
cific concourse EFSO screen, revealing the overview 
screen. 

Pump Station Master Control Panel Status Screen The ter- 
minal pump station master control panel screen is shown in 
Figure 5.3. This controller receives process signals from all 
controllers. It monitors push/pull stations at the terminal and 
controls pump shutdown. 

PLC communication status is provided of all control- 
lers on the left. Other digital monitoring points are fuel 
pump shutdown, terminal EFSO, panel on UPS, and UPS 
battery low. 

5 Pen real-time trend is provided for fuel pressure, lo 
pressure alarm set point, hi pressure alarm SP, fuel flow, 
and hi flow set point. Box on the bottom of the trend shows 
numerical value of all 5 Pen. Scale on the trend is for the Pen, 
which is highlighted by selection. 


Bottom most box has set-point entry boxes for each of the 
three analog alarm set-points. 

Terminal 1 EFSO Panel Screen Figure 5.4 illustrates the (Tl) 
EFSO screen. This panel monitors Zones 1-4. As a result 
of touch on any of the Zones 1-4 from overview, opens this 
screen. 

Referring to the Figure 5.4, note the following: 

a. PANEL STATUS: These seven status bars show the 
status of points on the EFSO panel at the concourse. 

b. EFSO STATUS: This BAR represents EFSO STATUS 
of Tl. It is GREEN when operation is NORMAL. It is 
RED when the EFSO ALARM for the terminal is ON. 

c. Zones 1-4 STATUS: Note as discussed earlier, the 
EFSO pull stations at the airport are generally wired 
in series, such that actuating one creates an alarm for 
the entire daisy-chained group. These bars represent 



FIG. 5.3 

Terminal pump station master control panel screen. 
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FIG. 5.4 

Terminal 1 EFSO screen. 


EFSO Pull STATIONS CHAINS, where the “chain” 
is a group of pull station wired in series. In this case, 
Zones 1-4 each have a separate pull-station chain. 
When the EFSO pull station of that chain is activated, 
the screen bar goes to RED. During normal opera- 
tions, this bar is GREEN. 

d. Panel UPS STATUS: These bars show status of UPS 
in the panel. When panel is fed by UPS, “ON UPS” is 
yellow. When UPS Battery is low, “Battery Low” is 
Red. 

e. PLC COMMUNICATION STATUS: These alarms 
are available at all concourses EFSO Panels. All com- 
munication status alarms are arranged with respect 
to terminal master controller. When controller looses 
communication with master controller, its respec- 
tive alarm is generated. Similarly, when I/O module 
loses communication with its controller, an alarm is 
generated. 


f. ACTION BUTTONS: These are self explanatory. 

g. MOV CONTROL SCREEN: This is an interface to 
control selected MOV. T 1 panel controls three MOV, 
MOV04, MOV05, and MOV06. Each MOV has its 
own control screen. Administrator has access to 
valve travel time input. When MOV does not open or 
close within a specified time, it is declared failed to 
open or failed to close. Timer Displayed are timers, 
which starts once MOV starts its transition to either 
to open or to close. AUTO or HAND mode is also 
monitored. Only when MOV is in AUTO, it can be 
controlled from control screen. POWER of MOV is 
also monitored. RESET button is used to RESET 
the MOV once failure is rectified to resume normal 
operation. 

1. MOV04 opened: This is normal state of all MOV. It is 
in Auto mode and Power is ON, Figure 5.5a. Observe 
that CLOSE button is available when valve is opened. 
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(a) 


(b) 


(c) 


FIG. 5.5 

MOV control screen changes of sequence: (a) power is on, (b) transit to close, and (c) power is closed. 


2. MOV04 in transit to close: MOVs are programmed to 
close automatically in an event of EFSO Figure 5.5b. 

It blinks yellow and red during transit. When in tran- 
sit, the valve is not available for OPEN command as a 
result “NOT READY” flag is visible. 

3. MOV04 closed: Below is screen shot of MOV closed, 
Figure 5.5c. When all permissive are true, OPEN but- 
ton is available. 

4. MOV04 in transit to open: Once EFSO situation is 
resolved and all permissive are satisfied, valves can be 
opened by operator by pressing OPEN button. When 
in transit, valve is not available for OPEN command as 
a result “NOT READY” flag is visible. 

RON EFSO Panel Display Screens RON EFSO panel moni- 
tors (Figure 5.6) Zones 5—11, as a result a touch on any 
of them opens this screen. In addition, this panel controls 
MOV 7 through 10. 

Similar to T1 screen it has a panel alarm, PLC communi- 
cation status, action buttons, and MOV control screens. Note 
that RON has individually wired EFSO pull stations at Zone 
11, which are EMS49 through EMS59. 

T2X EFSO Panel Display Screen This is the new T2X EFSO 
screen (Figure 5.7). It monitors Zone 12, which has indi- 
vidually wired 8 EFSO push/pull stations EMS60 through 
EMS67. It also controls MOV1, 2, 3, and 11. Details are simi- 
lar as before and hence will not be repeated. 

Alarm Log Display Screen 

This screen displays (Figure 5.8) all the alarms with a time 
and date stamp. The following list is the color code: 

• RED & BLINKING: Active & unacknowledged 

• RED STEADY: Active & acknowledged 

• BLUE STEADY: Inactive & unacknowledged 

• GREEN STEADY: Inactive & acknowledged 


Historical Log 

Master controller monitors fuel line pressure and fuel line 
flow. These points are available to view in the form of histori- 
cal trend (Figure 5.9). 

Auxiliary HMI Display Screen 

This is a read-only screen with no interactivity. It is similar 
to the “overview” screen on the main HMI with the following 
differences. 

1. It does not have a top alarm window. 

2. It does not have any touch-active animation from any 
zone. 

3. Since there is more room, Zone 1 1 is elaborate. 

It has only one control function that can be performed by 
operators in the communication and dispatch tower and 
pump shutdown. Fueling operators may request dispatch 
tower to shut down a pump in an emergency. 


SEQUENCE OF OPERATIONS 

The EFSO System is controlled from the master control panel 
HMI, which executes commands using three major opera- 
tional sequences. The following sections provide detailed 
instructions for these operations. 

EFSO Sequence of Operation 

As an example, the baseline EFSO sequence of operation 
is illustrated using Zone 2. The following section of text is 
a complete cycle of this sequence ranging from the normal 
condition to an alarm trigger, then back to the normal condi- 
tion using a series of RESET steps. This section then pres- 
ents a series of screen shots from the HMI software further 
illustrating the sequence. Sequence description is as follows. 
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FIG. 5.6 

RON control display screen. 


Step 1 EFSO pull station on one of the zone is pulled. 

Step 1.1 This sounds a horn on the terminal EFSO panel to 
notify terminal personnel. 

Step 1.2 Field EFSO panel horn also goes ON. 

Step 1.3 Simultaneously, pump is shut down. 

Step 2 Operator at the terminal silences the horn. 

Step 3 Operator looks at overview screen to determine 
which concourse has EFSO alarm active. 

Step 3.1 Observe which specific zone has alarm active. 

Step 4 Operators go to field EFSO panel for physical 
observation. 

Step 4.1 Silence the horn. 

Step 4.2 Investigate the situation. Ensure that MOVs have 
closed to isolate the zone. 

Step 5 Pull the EFSO pull station back to normal. 

Observe on the EFSO panel that green status lamp 
of the zone comes ON. 

Step 6 Reset EFSO panel at the concourse. 


Step 7 Start the pump to resume fueling rest of the air- 
port. Observe that closed MOVs keep affected 
area isolated. 

Step 8 When situation is resolved, open respective MOVs 
from MOV control screen. 

Step 8.1 See the status of valve to ON. 

HMI Screens for EFSO Sequence 

The graphical representation of the HMI screens as they 

would appear for different sequence steps is as follows: 

a. Overview screen shown in normal status mode (Figure 
5.10). Observe that there are no alarms in the top 
alarm window. All concourses and terminal blocks 
are GREEN. 

b. Touch the block for Zone 2 to see the example T1 
EFSO screen in normal operation (Figure 5.11): 
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FIG. 5.7 

Terminal 2 display screen. 


• All status bars are GREEN. 

• Concourse is not in bypass. 

• Pumps are not in bypass. 

• All valves are opened. 

c. Assume that one of the EFSO pull stations in Zone 2 

chain is pulled for an emergency. Observe overview 

screen at that time (Figure 5.12): 

• Notice that the Zone 2 is blinking Red, indicating 
that Zone 2 is in EFSO alarm mode. 

• Notice that the Zone 2 pull stations are blinking 
Red. 

• Notice that pump is blinking Red indicating that 
pump shutdown signal has been sent to the pump 
control panel. 

• Notice that top alarm window has alarms blinking 
Red with the time of the alarm indicated. 

• Notice that all respective isolation valves start 
their transition to close and are blinking Yellow 


and Red. In this case MOV4, 5, 8, 9, and 10 have 
to close for isolating Zone 2. 

d. Touch the Zone 2 block to see the T 1 EFSO screen at 

the time of the emergency (Figure 5.13): 

• Observe that the EFSO status bar is Red, indicat- 
ing that T1 EFSO is active and on the EFSO panel, 
Red EFSO lamp is ON. 

• Observe that the Zone 2 status bar is Red as well 
indicating that one of the EFSO pull stations on 
the Zone 2 side of the concourse is pulled. This 
also means that Green status lamp for Zone 2 on 
the EFSO panel is OFF. 

• Observe that the Valves 4 and 5 are in transit to 
close. Once valves close, status changes to Closed. 

e. Observe alarms in top screen at that time (Figure 5.14): 

• Observe the time and date stamp. 

• First are alarms of all MOV status closed such as 
MOV4, 5, 8, 9, and 10. 
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time 
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7/29/2006 10.37:42 AM 


7091200610:37:42 AM 
7Q9/200S 10:37 42 AM 


Message 


T4N2 WEST CHAIN EMERGENCY FUEL SHUTOFF 


T4N2 EMERGENCY FUEL SHUTOFF 
PUMP SHUTDOWN ACTIVE 


FIG. 5.8 

Alarm screen time and date setup. 


• Second alarm is “T1 ESD LAMP,” which means 
T1 has emergency. 

• Third alarm is “PUMP SHUTDOWN ACTIVE,” 
which means that shutdown signal for pump is 
sent to pump control panel. 

• You can scroll on the alarm page by using the UP 
or DOWN scroll arrows. 

f. Go to the overview screen and touch MOV9 to go to 
RON screen. 

g. To investigate the situation, physically visit the Zone 2 
and T1 EFSO panel at that concourse. 

h. Silence the local horn. 

i. Investigate the Zone 2 of the concourse to determine 
the location of actuated EFSO pull station and attend 
to the emergency. Blue beacon by the EFSO station 
will aid in locating the activated station. 

j. When the situation is resolved, pull the EFSO pull sta- 
tion back to the normal position. Figure 5.15 illustrates 
that situation: 

• Observe that the concourse bar is still blinking 
RED. 

• Observe that the pump is still blinking RED. 

• Observe that in the alarm window, the concourse 
EFSO alarm and pump shutdown are still active. 

• Observe that the Zone 2 pull stations are Green. 
Zone 2 lamp is now ON at the panel. 

• Observe that valves are closed. 


k. Open the door to the T1 EFSO panel at the concourse. 
Inside, find the RESET button and press to reset the 
panel operation. Close and re-latch the panel door. 
Now the display screen changes to the one shown in 
Figure 5.16: 

• Observe that Zone 2 is no longer in ESD and is 
Green. 

• Observe that pump is green. This means it can be 
started from pump control to resume fueling at 
rest of the airport. 

• Observe that valves are still closed. 

• Observe that only active alarms are valves 
closed. 

l. From the main HMI panel (Figure 5.17), go to MOV 
control screen and click on OPEN to open the valve: 

• Observe that VALVE status bar is In Transit To 
Open and blinks Green and Yellow. 

a. Press the GO TO OVERVIEW bar to see the 
overview screen in normal condition as in 
Figure 5.10. 

• Observe all zones are GREEN again. Observe that 
there is no alarm in the top alarm window. 

Bypass Sequence of Operation 

The EFSO operating system allows for the bypass of 
the pump shutdown sequence in the event of an EFSO 
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FIG. 5.9 

Historian trend screen setup. 


pull-station actuation. This operation requires either operator 

or an administrator to log-in. 

The BYPASS sequence executes in following order: 

Step 1 Login as an operator or an administrator. 

Step 2 Select zone to be put in bypass mode. Touch that 
zone’s bar on the overview screen to open that 
panel's screen. 

Step 3 Touch on the BYPASS button. 

Step 4 If successful, button will flash Yellow. 

Step 5 Perform the selected maintenance operations on 
the EFSO pull-station chain. 

Step 6 Note that when any EFSO button is pulled, the 
respective area alarm comes ON and EFSO alarm 
comes ON at the concourse panel and at the HMI 
on terminal panel. 

Step 7 Note that pump shutdown is not actuated. 

Step 8 Observe that zone isolation MOVs will not close. 


Step 9 Restore EFSO pull station and observe that alarm 
clears. 

Step 10 Reset the system inside the local panel to clear the 
EFSO alarm. 

Step 1 1 Turn bypass OFF and resume normal operation. 

HMI Screens for Bypass Sequence 

The graphical representation of the HMI screens as they 
would appear for different steps of the sequence using Zone 
1 as an example is as follows: 

a. Figure 5.18 shows an overview screen in normal mode 
showed with administrator logged in. 

b. Touch the Zonel bar to open the T1 EFSO screen. 

c. Touch on the Zone 1 bypass bar to put it in bypass 
mode (Figure 5.19). 
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FIG. 5.10 

Overview display screen at normal mode. 


d. Figure 5.20 shows the overview window with Zone 1 
in bypass mode. 

e. When a concourse is in bypass, shutdown of the pump 
is not activated during an EFSO alarm and the valves 
are not closed. Figure 5.21 shows the overview screen 
and the T1 screens with the Zone 1 EFSO alarms and 
Zone 1 in bypass. Note the difference in the back- 
ground color of the pull-station graphic indicators. 
Zone 1 EFSO pull stations, which are in alarm, are 
Red, while active but normal condition buttons are 
Green. 

f. T1 HMI screen with the panel bypass on and an alarm 
condition in Zone 1 pull-station chain (Figure 5.22): 

• Observe that bypass button is Yellow. 

• Observe that Zonel is in alarm mode, as a result, 
T1 panel is in alarm. 

• Observe that terminal is still green. 

• Observe that valves are still open. 


g. Figure 5.23 shows the top alarm screen with the Zone 
1 alarm. Note that the pump shutdown has not been 
actuated. 

h. Restore normal operation by touching on Z1 BYPASS 
on T1 screen and observe it turns Green. 


Communication Failure 

The EFSO System continuously monitors itself for proper 
communications between the individual concourse control 
panels and the master control panel. In the event that com- 
munications are lost, the HMI will alarm and indicate the 
fault as shown on the overview screen. Communications 
integrity must be monitored on a routine basis, and the com- 
munications failure sequence must be tested and maintained 
as required. The HMI development will somehow be similar 
to the ones exemplified above. 
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FIG. 5.11 

T1 EFSO display screen on the normal mode. 
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FIG. 5.12 

Zone 2 emergency is signaled. 
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FIG. 5.13 

Zone 2 display screen at emergency mode. 
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FIG. 5.14 

Zone 2 display screen displaying alarm information. 
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FIG. 5.15 

Zone 2 display screen displaying after emergency has been physically rectified. 
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FIG. 5.16 

Zone 2 display screen resetting Phase 1. 
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FIG. 5.17 

Zone 2 display screen resetting Phase 2. 
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FIG. 5.18 

Bypass sequence normal mode. 


© 2012 by Bela Liptak 










5 


SCADA — Supervisory Control and Data Acquisition System and an Example 


125 


U«un Tim* T* 


IhViIh* AlMHilakvl 


T» 

gso 


Cl 


awtptm 1 1 n bypass 

urwii ) a by pas s 


LOC 

CO TO 

PRINT 

OUT 

OVERVIEW 

SCREEEN 


PLC COMMUNICATION STATUS 


T1 EFSO PLC CAONET 





J3_te_J_2=iL 


I > turtle OK Strm 




FIG. 5.19 

Bypass sequence T1 EFSO display screen. 
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FIG. 5.20 

Zone 1 overview of bypass display screen. 
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FIG. 5.21 

Displays screen with the Zone 1 EFSO alarms and Zone 1 in bypass. 
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FIG. 5.22 

Alarm condition in Zone 1 pull station chain. 


© 2012 by Bela Liptak 












5 SCADA — Supervisory Control and Data Acquisition System and an Example 129 




Ack Cgwcnt | Ach Page | Act All | Silence Ciw | Eacculc | Identity | Sort 


FIG. 5.23 

Alarm screen with Zone 1 alarm. 
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